Re: [dnsext] draft-jabley-dnsop-validator-bootstrap-00

Paul Hoffman <> Tue, 01 February 2011 01:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D74003A6CB3 for <>; Mon, 31 Jan 2011 17:45:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.137
X-Spam-Status: No, score=-101.137 tagged_above=-999 required=5 tests=[AWL=-0.331, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, SARE_LWSHORTT=1.24, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id z-ZyhAEUtk7P for <>; Mon, 31 Jan 2011 17:45:59 -0800 (PST)
Received: from (Hoffman.Proper.COM []) by (Postfix) with ESMTP id 0A19C3A6CAD for <>; Mon, 31 Jan 2011 17:45:58 -0800 (PST)
Received: from MacBook-08.local ( []) (authenticated bits=0) by (8.14.4/8.14.3) with ESMTP id p111nD63090730 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <>; Mon, 31 Jan 2011 18:49:14 -0700 (MST) (envelope-from
Message-ID: <>
Date: Mon, 31 Jan 2011 17:49:13 -0800
From: Paul Hoffman <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dnsext] draft-jabley-dnsop-validator-bootstrap-00
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Feb 2011 01:45:59 -0000

On 1/31/11 4:40 PM, Phillip Hallam-Baker wrote:
> To be precise here, there is no difference in the likelihood that the
> keys will be compromised.

Quite right.

> The difference is that the X.509 protocol is designed to support keys
> that are persistent over long periods (decades) and DNSSEC is not.

Poppycock. Both PKIX and DNSSEC are agnostic on how long the keys are 
meant to last. Pretending that PKIX has some advantage here is nonsense.

> In particular an X.509 self-signed certificate is an assertion that the
> key holder will maintain and use the associated private key in
> accordance with the specified practices for the specified length of time.

Bosh. If you are talking about the "notAfter" field, it is defined as 
the end of "the time interval during which the CA warrants that it will 
maintain information about the status of the certificate"; that is quite 
different than "maintain and use". If you are speaking of something 
else, please quote from the PKIX spec.

> You can easily find out how long Comodo or Symantec or whoever is going
> to maintain their SSL CA roots, the information is right there in the
> cert store and is irrevocable in that the CA can extend the time period
> (through recertification) but cannot reduce it.

Balderdash. When I look in Comodo's certificate in my "cert store", I 
don't see anything about how long you are going to maintain your SSL CA 
root. I see something that says you will maintain *information about the 
status* of the certificate; note the difference. As for "irrevocable", 
that's just silly: Comodo can revoke it at any time. There is no 
contract here.

> My advice to Cisco would be to use their existing root to sign the
> published CSR for the DNS root KSK in the short term at least.

Signing is the easy part: making their systems use that signed key is 
much more difficult. That difficulty is what started this thread; 
handwaving it away won't help Cisco or anyone.

> In the longer term we are going to have to have a look at the problem at
> a higher level and work out how we are going to solve it in a scalable
> way across all the platforms that involve a root key.
> We are starting to make quite a little collection of industry forums
> that are doing this root key management as a sideline.

Now everyone can rest assured: industry forums to the rescue!